The Hacker News — Cyber Security, Hacking, Technology News

The Android platform has been a primary target for malware attacks for a few years, and during 2013 more than 79% of mobile operating system malware threats took place on Android.

I have been working on Android malware architectures for the last two years and have created hundreds of samples of the most sophisticated malware for demo purposes.

Until now, the majority of Android malware apps we have seen earn money for their creators by sending SMS messages to premium-rate numbers from infected devices.

Security researchers at Lookout have identified an interesting monetized Android malware labeled 'Mouabad', which allows a remote attacker to make phone calls to premium-rate numbers without user interaction by sending commands to the malware from C&C servers.

The technique is not new, but this is the first time infection by such an app has been observed in the wild. The variant, dubbed Mouabad.p, is particularly sneaky: to avoid detection, it waits to make its calls until a period of time after the screen turns off and the lock screen activates.

"Mouabad.p also ends the calls it makes as soon as a user interacts with their device (e.g. unlocks it). However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p’s dialing activity by checking their call histories."

The risk of infection is low, because the malware app works only on devices running Android version 3.1 or older and is designed mainly to target Chinese-speaking users.

"Mouabad.p and other trojans that can financially harm users and effectively hide themselves underscore the need for sophisticated mobile malware protection."
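The call-history check that Lookout describes can be automated. The following is an added example, not code from Lookout or the original article: it flags outgoing calls that started while the screen was off and notes whether each one ended at an unlock event. The record formats, the sample data, the placeholder numbers and the `slack_seconds` tolerance are all constructed assumptions, as is the availability of a screen-event history.

```python
from datetime import datetime, timedelta

# Constructed sample data (not taken from a real device).
# Screen events: (timestamp, state), state is "off" or "unlock".
SCREEN_EVENTS = [
    ("2013-12-09 22:00:00", "off"),
    ("2013-12-10 02:14:30", "unlock"),
    ("2013-12-10 02:20:00", "off"),
    ("2013-12-10 07:00:00", "unlock"),
]
# Outgoing calls: (number, start, duration in seconds); numbers are placeholders.
CALLS = [
    ("PREMIUM-0001", "2013-12-10 02:10:00", 270),  # cut off by the 02:14:30 unlock
    ("FRIEND-0001", "2013-12-10 02:15:00", 120),   # placed while the screen was on
    ("PREMIUM-0002", "2013-12-10 03:00:00", 600),  # screen off, ended on its own
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def screen_state_at(events, when):
    """Return the last screen state at or before `when` (events sorted by time)."""
    state = None
    for ts, st in events:
        if ts > when:
            break
        state = st
    return state

def suspicious_calls(calls, screen_events, slack_seconds=5):
    """Flag outgoing calls that began while the screen was off.

    `ended_at_unlock` is True when the call ended within `slack_seconds`
    of an unlock, matching the hang-up-on-interaction behaviour described above.
    """
    events = sorted((_ts(t), s) for t, s in screen_events)
    unlocks = [t for t, s in events if s == "unlock"]
    findings = []
    for number, start, duration in calls:
        begin = _ts(start)
        if screen_state_at(events, begin) != "off":
            continue  # user was present; not the pattern we are looking for
        end = begin + timedelta(seconds=duration)
        cut = any(abs((end - u).total_seconds()) <= slack_seconds for u in unlocks)
        findings.append({"number": number, "start": start, "ended_at_unlock": cut})
    return findings

if __name__ == "__main__":
    for finding in suspicious_calls(CALLS, SCREEN_EVENTS):
        print(finding)
```

A call placed with the screen off is not malicious by itself (a Bluetooth headset can start one), so the output is a list to review against the phone bill, not a verdict.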

An Android architecture loophole contributes to the growth of Android malware. It basically can't tell the difference between a legitimate app that takes permissions to read your contacts or SMS (e.g. True Caller), a malicious application (e.g. Trojans), and a state-sponsored application (e.g. WeChat). Nor does the Android architecture allow users to revoke the permissions they don't want to give to an application.

For now, if you own a smartphone, I highly recommend that you install applications only from a trusted app store, e.g. Google Play.

As the popularity of Android has boomed, more and more malware is targeting the platform. Digital miscreants are using fraudulent developer accounts on Google's Play marketplace to spread malware.

According to the latest Mobile Threat report from F-Secure, Android malware continued to gain share in 2012 and was responsible for 79 percent of all threats for the year, up from 66 percent in 2011, but a Google developer responded with, "F-Secure can say that anything is malware".

The F-Secure report said that in the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter.

According to official Google figures, there are over 700,000 apps and games in the Play marketplace and malware on Android jumped 850 percent between 2012 and this year.

Meanwhile, a Google Android developer replied to a TechCrunch technology generalist, "They say they detected Trojans but they didn't explain what were their effects on the system, because if they did, everyone will know they’re not really Trojans that’s only what they want you to think".

The F-Secure report also claimed that a large share of the Android threats found in the fourth quarter was malware that generates profit through fraudulent short message service (SMS) practices, with 21 of the 96 Android threat variants found contributed by Premium SMS, a malware family that sends out messages to premium-rate numbers.

"F-Secure can say that anything is malware, even ‘dodgy sms’ which doesn't fall under the definition of malware…. They say they detected Trojans," the Google Android developer replied.

Apple iOS, on the other hand, accounted for only 0.7% of all malware, and Windows Mobile, BlackBerry, and J2ME devices each accounted for less than 1% of malware threats during 2012.

On the other hand, Symbian still accounts for 19% of all malware despite being abandoned by Nokia, F-Secure says.

The Russian anti-virus vendor Doctor Web has found a new malicious program for Android which allows hacker groups to carry out mobile denial of service attacks. While it’s not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone.

This malware works in the background without your knowledge. Once it is activated it searches for its command and control center and sends out information regarding your device there. One piece of information that will be sent is your phone number. The criminals will be using this number to send text messages to your phone to control the malware.

Dubbed Android.DDoS.1.origin, the Trojan creates an application icon similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the application will be launched.

When it receives a DDoS attack command, the malware starts to send data packets to the specified address. "Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more," they said.

I would like to advise readers to only download Android apps from official Android app stores like Google Play or the Amazon Appstore for Android, always check the number of downloads, app rating and user reviews, and carefully review permissions before downloading and/or installing an app.